diff --git a/docs/modules/ROOT/pages/migration.adoc b/docs/modules/ROOT/pages/migration.adoc
index 8c81515009..5a7fea0a4c 100644
--- a/docs/modules/ROOT/pages/migration.adoc
+++ b/docs/modules/ROOT/pages/migration.adoc
@@ -71,6 +71,60 @@ open fun springSecurity(http: HttpSecurity): SecurityFilterChain {
----
====
+If this breaks your application, then you can explicitly opt into the 5.8 defaults using the following configuration:
+
+.Defer Loading `CsrfToken`
+====
+.Java
+[source,java,role="primary"]
+----
+@Bean
+DefaultSecurityFilterChain springSecurity(HttpSecurity http) throws Exception {
+ CsrfTokenRequestAttributeHandler requestHandler = new CsrfTokenRequestAttributeHandler();
+ // set the name of the attribute the CsrfToken will be populated on
+ requestHandler.setCsrfRequestAttributeName(null);
+ http
+ // ...
+ .csrf((csrf) -> csrf
+ .csrfTokenRequestHandler(requestHandler)
+ );
+ return http.build();
+}
+----
+
+.Kotlin
+[source,kotlin,role="secondary"]
+----
+@Bean
+open fun springSecurity(http: HttpSecurity): SecurityFilterChain {
+ val requestHandler = CsrfTokenRequestAttributeHandler()
+ // set the name of the attribute the CsrfToken will be populated on
+ requestHandler.setCsrfRequestAttributeName(null)
+ http {
+ csrf {
+ csrfTokenRequestHandler = requestHandler
+ }
+ }
+ return http.build()
+}
+----
+
+.XML
+[source,xml,role="secondary"]
+----
+
+
+
+
+
+
+
+
+
+----
+====
+
=== Explicit Save SecurityContextRepository
In Spring Security 5, the default behavior is for the xref:servlet/authentication/architecture.adoc#servlet-authentication-securitycontext[`SecurityContext`] to automatically be saved to the xref:servlet/authentication/persistence.adoc#securitycontextrepository[`SecurityContextRepository`] using the xref:servlet/authentication/persistence.adoc#securitycontextpersistencefilter[`SecurityContextPersistenceFilter`].